Generally, operating systems (OSs) provide some mechanism for communication among software processes. Inter-process communication is often defined by interfaces that specify a vocabulary and patterns (e.g., protocols) for communication. Such inter-process communication allows software processes to exchange data and signal events.
Some conventional OSs that allow inter-process communication employ mechanisms to exercise control over that communication. One of the common control mechanisms uses an Access-Control List (ACL). An ACL is a data structure (e.g., a list or table) that informs an OS which permissions (i.e., access rights or privileges) each executing software process has to a specific system object (e.g., file, directory, user, etc.) or another process. Examples of common permissions include reading, writing, and executing.
When an access request is made, a conventional OS identifies the requester (i.e., a process seeking access), the kind of access being requested, and the target object of the request. The conventional OS opens the ACL associated with the target object and looks up the requester to see if the requester is allowed access. If a match is found, the OS determines whether the kind of access that has been requested is permitted. If permitted, the OS allows the requested access. If not permitted, the OS does not allow the requested access.
However, conventional ACL approaches usually use a fixed set of possible permissions (such as read, write, and execute). This is done primarily so that the ACL can have a defined data structure (e.g., a table). However, a fixed set of permissions does not allow for flexibility in providing permission for finer granularity in the existing access types or for new types of accesses.
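The lookup and the fixed-vocabulary limitation described above can be seen in a small C sketch; it is an added example, not code from the original text. All names (acl_check, ACCESS_APPEND, the sample entries) are hypothetical, and denying an unlisted requester is an assumption the text does not state.

```c
#include <stddef.h>
#include <string.h>

/* Fixed permission vocabulary: the table layout depends on this set. */
enum { PERM_READ = 1u << 0, PERM_WRITE = 1u << 1, PERM_EXEC = 1u << 2 };
#define PERM_KNOWN (PERM_READ | PERM_WRITE | PERM_EXEC)

struct acl_entry { const char *requester; unsigned perms; };
struct acl { const struct acl_entry *entries; size_t count; };

enum acl_result { ACL_ALLOW, ACL_DENY, ACL_NO_ENTRY, ACL_UNKNOWN_ACCESS };

/* Hypothetical check taking the three inputs named in the text:
   the requester, the kind of access, and the target object's ACL. */
enum acl_result acl_check(const struct acl *target, const char *requester,
                          unsigned access)
{
    /* A request outside the fixed set cannot be expressed in the table. */
    if (access == 0 || (access & ~PERM_KNOWN) != 0)
        return ACL_UNKNOWN_ACCESS;
    for (size_t i = 0; i < target->count; i++) {
        if (strcmp(target->entries[i].requester, requester) != 0)
            continue;
        /* Match found: every requested bit must have been granted. */
        return (target->entries[i].perms & access) == access
                   ? ACL_ALLOW : ACL_DENY;
    }
    return ACL_NO_ENTRY;  /* assumption: an unlisted requester gets no access */
}

/* Constructed sample ACL for one target object (a log file). */
static const struct acl_entry log_entries[] = {
    { "logger",  PERM_READ | PERM_WRITE },
    { "auditor", PERM_READ },
};
static const struct acl log_acl = { log_entries, 2 };

/* "Append only" is not in the vocabulary; the closest available grant is
   PERM_WRITE, which also permits overwriting existing records. */
#define ACCESS_APPEND (1u << 3)  /* hypothetical new access type */

int main(void)
{
    /* Exit status 0 when the unsupported access type is rejected. */
    return acl_check(&log_acl, "logger", ACCESS_APPEND)
               == ACL_UNKNOWN_ACCESS ? 0 : 1;
}
```

Supporting ACCESS_APPEND here means changing PERM_KNOWN and every stored entry's interpretation, which is the inflexibility the paragraph above describes.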
The ACL approach is also used by other systems and computing components, such as the communications system, file system, security system, and the like.